Appendix 5A: Identifying Risks and Implementing Controls

5A.1. Procurement Risk and Controls

Procurement involves acquiring the goods and services necessary for an organization’s operations. The primary activities in this process include the following:

  • Needs Identification: The process begins with identifying the goods or services required to meet organizational objectives. This involves assessing current inventories, forecasting needs based on operational demands, and determining specifications for the required goods or services.
  • Vendor Selection and Evaluation: Organizations must select and evaluate potential vendors based on criteria such as price, quality, reliability, and service. This may involve a tendering process, where vendors are invited to submit bids, and their proposals are evaluated against predefined criteria.
  • Purchase Ordering: Once a vendor is selected, a purchase order detailing the goods or services required, quantities, prices, delivery dates, and payment terms is issued. This legal document serves as an agreement between the organization and the supplier.
  • Receiving and Inspection: Upon delivery, goods are inspected for quality and quantity to ensure they match the purchase order specifications. Any discrepancies or defects are reported to the supplier for resolution.
  • Invoice Processing and Payment: The corresponding invoice is processed for payment after receiving and accepting the goods. This involves verifying that the invoice matches the purchase order and delivery documentation, ensuring that the organization only pays for goods or services correctly received.
  • Record Keeping: Accurate records of all procurement activities, including vendor evaluations, purchase orders, receipts, and payments, are maintained for future reference, auditing, and financial reporting.

Let’s review the top three procurement risks and their impact on the organization. We will also take an inventory of the top three preventive, detective, corrective, and accounting controls related to each risk.

Fraudulent Purchases

Risk Impact

Unauthorized or fraudulent purchases can result in significant financial losses and damage the organization’s reputation. This risk involves the exploitation of weaknesses in procurement processes to make illicit purchases.

Preventive Controls

  • Vendor Due Diligence: Conducting thorough background checks and vetting processes for potential vendors.
  • Supplier Risk Assessment: Assessing the risk associated with each supplier based on factors such as financial stability and reputation.
  • Contract Compliance Reviews: Regular reviews to ensure that all procurement activities adhere to contractual terms and policies.

Detective Controls

  • Invoice Matching: Comparing invoices with purchase orders and receipts to identify discrepancies or unauthorized purchases.
  • Order Tracking: Monitoring the movement of goods from procurement to delivery to detect irregularities or unauthorized transactions.
  • Receipt Inspection: Inspecting received goods to verify quantity, quality, and adherence to specifications.

Corrective Controls

  • Investigation and Reporting: Investigating suspected fraudulent activities and reporting findings to management and relevant authorities.
  • Supplier Performance Management: Reviewing supplier performance metrics to identify patterns or anomalies indicative of dishonest behaviour.
  • Contract Amendments or Terminations: Modifying or terminating contracts with vendors involved in fraudulent activities.

Accounting Controls

  • Segregation of Duties: Separating procurement responsibilities across different individuals or departments to prevent collusion and unauthorized transactions.
  • Budgetary Controls: Setting and monitoring budgets for procurement activities to avoid overspending or unauthorized purchases.
  • Purchase Order Approval Workflow: Implementing a structured approval process for purchase orders to ensure proper authorization and oversight.

Supply Chain Disruptions

Risk Impact

Disruptions in the supply chain can lead to delays in delivery and increased costs for an organization. This risk encompasses potential disruptions in the flow of goods or services from suppliers to the organization, impacting operational efficiency and financial performance.

Preventive Controls

  • Supplier Risk Assessment: The risk associated with each supplier is assessed based on location, transportation methods, and geopolitical risks.
  • Contract Compliance Reviews: Regular reviews to ensure that supplier contracts include provisions for managing supply chain disruptions.
  • Contract Amendments or Terminations: Modifying or terminating contracts with suppliers unable to meet delivery timelines or quality standards.

Detective Controls

  • Order Tracking: Monitoring the status and location of orders throughout the supply chain to detect delays or disruptions.
  • Receipt Inspection: Inspecting goods to identify damage or discrepancies caused by supply chain disruptions.
  • Supplier Performance Management: Monitoring supplier performance metrics to identify trends indicative of potential supply chain disruptions.

Corrective Controls

  • Investigation and Reporting: Investigating the root causes of supply chain disruptions and reporting findings to management for corrective action.
  • Vendor Due Diligence: Assessing alternative suppliers and establishing contingency plans to mitigate the impact of disruptions.
  • Contract Compliance Reviews: Reviewing supplier contracts for force majeure clauses and other provisions related to supply chain disruptions.

Accounting Controls

  • Budgetary Controls: Implementing budgetary controls to allocate funds for contingency planning and mitigation strategies.
  • Purchase Order Approval Workflow: Ensuring that purchase orders include provisions for alternate suppliers or delivery schedules to mitigate the impact of supply chain disruptions.
  • Inventory Management Controls: Maintaining adequate inventory levels and safety stock to buffer against supply chain disruptions and minimize their impact on operations.

Non-Compliance with Policies

Risk Impact

Non-compliance with policies can result in legal and regulatory penalties and loss of contracts and business opportunities. This risk involves failure to adhere to established procurement policies and procedures, leading to violations of laws, regulations, or contractual obligations.

Preventive Controls

  • Contract Compliance Reviews: Regular reviews to ensure that procurement activities comply with organizational policies and relevant regulations.
  • Contract Amendments or Terminations: Modifying or terminating contracts with suppliers found non-compliant with policies.
  • Purchase Order Approval Workflow: Implementing a structured approval process for purchase orders to ensure compliance with policies and procedures.

Detective Controls

  • Receipt Inspection: Inspecting goods received to verify compliance with contractual specifications and quality standards.
  • Contract Compliance Reviews: Conducting periodic audits to identify and address non-compliance promptly.
  • Invoice Matching: Verifying that invoices match contractual terms and pricing agreements to ensure policy compliance.

Corrective Controls

  • Contract Amendments or Terminations: Modifying or terminating contracts with suppliers found non-compliant with policies.
  • Investigation and Reporting: Investigating the root causes of non-compliance and reporting findings to management for corrective action.
  • Supplier Performance Management: Monitoring supplier performance metrics to identify trends indicative of non-compliance.

Accounting Controls

  • Segregation of Duties: Separating procurement responsibilities to prevent conflicts of interest and ensure policy compliance.
  • Budgetary Controls: Monitoring procurement expenditures to ensure compliance with fiscal constraints and financial policies.
  • Purchase Requisition Controls: Implementing controls to ensure purchase requisitions are appropriately authorized and comply with procurement policies before procurement activities proceed.

License

Internal Auditing: A Practical Approach Copyright © 2024 by Amit M. Mehta is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License, except where otherwise noted.